Pages promoting the PlayStation games SingStar Pop and God of War contained SQL-injected code. Visitors to those specific game pages would see a fake antivirus scan, then a message that their computer was infected with different viruses and Trojan horses. Warned, the user would then be asked to purchase the scanner to remove the bogus malware.

The injected code linking to the scanner has since been removed.

Sophos said the attack could have downloaded malicious payloads, but did not.

Security researcher Dancho Danchev said in his ZDNet blog that Sony wasn't alone. It was one of 794 domains hit in the latest automated SQL-injection campaign using a multilayer fast-flux superstructure built around coldwop.com. Over the last 90 days, Google reports that 794 domains have been infected with code pointing to that domain. These are legitimate sites with vulnerabilities that allow criminal hackers to inject code pointing to their servers.

With fast-flux, a registered domain name stays the same while its node changes frequently, presumably thwarting any attempts to shut down the server hosting malicious content.

About the author

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
See full bio